use rootless netns from c/common

Use the new rootlessnetns logic from c/common, drop the podman code here and make use of the new much simpler API. ref: https://github.com/containers/common/pull/1761 [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-12-06 21:57:50 +08:00 · 2023-11-24 18:00:24 +01:00
parent 605a29a714
commit a687c38860
38 changed files with 1171 additions and 1072 deletions
--- a/vendor/github.com/containers/common/libnetwork/cni/run.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/run.go
@@ -39,61 +39,71 @@ func (n *cniNetwork) Setup(namespacePath string, options types.SetupOptions) (ma
 		return nil, fmt.Errorf("failed to set the loopback adapter up: %w", err)
 	}

-	var retErr error
-	teardownOpts := options
-	teardownOpts.Networks = map[string]types.PerNetworkOptions{}
-	// make sure to teardown the already connected networks on error
-	defer func() {
-		if retErr != nil {
-			if len(teardownOpts.Networks) > 0 {
-				err := n.teardown(namespacePath, types.TeardownOptions(teardownOpts))
-				if err != nil {
-					logrus.Warn(err)
+	results := make(map[string]types.StatusBlock, len(options.Networks))
+
+	setup := func() error {
+		var retErr error
+		teardownOpts := options
+		teardownOpts.Networks = map[string]types.PerNetworkOptions{}
+		// make sure to teardown the already connected networks on error
+		defer func() {
+			if retErr != nil {
+				if len(teardownOpts.Networks) > 0 {
+					err := n.teardown(namespacePath, types.TeardownOptions(teardownOpts))
+					if err != nil {
+						logrus.Warn(err)
+					}
 				}
 			}
+		}()
+
+		ports, err := convertSpecgenPortsToCNIPorts(options.PortMappings)
+		if err != nil {
+			return err
 		}
-	}()

-	ports, err := convertSpecgenPortsToCNIPorts(options.PortMappings)
-	if err != nil {
-		return nil, err
-	}
+		for name, netOpts := range options.Networks {
+			netOpts := netOpts
+			network := n.networks[name]
+			rt := getRuntimeConfig(namespacePath, options.ContainerName, options.ContainerID, name, ports, &netOpts)

-	results := make(map[string]types.StatusBlock, len(options.Networks))
-	for name, netOpts := range options.Networks {
-		netOpts := netOpts
-		network := n.networks[name]
-		rt := getRuntimeConfig(namespacePath, options.ContainerName, options.ContainerID, name, ports, &netOpts)
-
-		// If we have more than one static ip we need parse the ips via runtime config,
-		// make sure to add the ips capability to the first plugin otherwise it doesn't get the ips
-		if len(netOpts.StaticIPs) > 0 && !network.cniNet.Plugins[0].Network.Capabilities["ips"] {
-			caps := make(map[string]interface{})
-			caps["capabilities"] = map[string]bool{"ips": true}
-			network.cniNet.Plugins[0], retErr = libcni.InjectConf(network.cniNet.Plugins[0], caps)
-			if retErr != nil {
-				return nil, retErr
+			// If we have more than one static ip we need parse the ips via runtime config,
+			// make sure to add the ips capability to the first plugin otherwise it doesn't get the ips
+			if len(netOpts.StaticIPs) > 0 && !network.cniNet.Plugins[0].Network.Capabilities["ips"] {
+				caps := make(map[string]interface{})
+				caps["capabilities"] = map[string]bool{"ips": true}
+				network.cniNet.Plugins[0], retErr = libcni.InjectConf(network.cniNet.Plugins[0], caps)
+				if retErr != nil {
+					return retErr
+				}
 			}
-		}

-		var res cnitypes.Result
-		res, retErr = n.cniConf.AddNetworkList(context.Background(), network.cniNet, rt)
-		// Add this network to teardown opts since it is now connected.
-		// Also add this if an errors was returned since we want to call teardown on this regardless.
-		teardownOpts.Networks[name] = netOpts
-		if retErr != nil {
-			return nil, retErr
-		}
+			var res cnitypes.Result
+			res, retErr = n.cniConf.AddNetworkList(context.Background(), network.cniNet, rt)
+			// Add this network to teardown opts since it is now connected.
+			// Also add this if an errors was returned since we want to call teardown on this regardless.
+			teardownOpts.Networks[name] = netOpts
+			if retErr != nil {
+				return retErr
+			}

-		logrus.Debugf("cni result for container %s network %s: %v", options.ContainerID, name, res)
-		var status types.StatusBlock
-		status, retErr = CNIResultToStatus(res)
-		if retErr != nil {
-			return nil, retErr
+			logrus.Debugf("cni result for container %s network %s: %v", options.ContainerID, name, res)
+			var status types.StatusBlock
+			status, retErr = CNIResultToStatus(res)
+			if retErr != nil {
+				return retErr
+			}
+			results[name] = status
 		}
-		results[name] = status
+		return nil
 	}
-	return results, nil
+
+	if n.rootlessNetns != nil {
+		err = n.rootlessNetns.Setup(len(options.Networks), setup)
+	} else {
+		err = setup()
+	}
+	return results, err
 }

 // CNIResultToStatus convert the cni result to status block
@@ -225,28 +235,39 @@ func (n *cniNetwork) teardown(namespacePath string, options types.TeardownOption
 	}

 	var multiErr *multierror.Error
-	for name, netOpts := range options.Networks {
-		netOpts := netOpts
-		rt := getRuntimeConfig(namespacePath, options.ContainerName, options.ContainerID, name, ports, &netOpts)
+	teardown := func() error {
+		for name, netOpts := range options.Networks {
+			netOpts := netOpts
+			rt := getRuntimeConfig(namespacePath, options.ContainerName, options.ContainerID, name, ports, &netOpts)

-		cniConfList, newRt, err := getCachedNetworkConfig(n.cniConf, name, rt)
-		if err == nil {
-			rt = newRt
-		} else {
-			logrus.Warnf("Failed to load cached network config: %v, falling back to loading network %s from disk", err, name)
-			network := n.networks[name]
-			if network == nil {
-				multiErr = multierror.Append(multiErr, fmt.Errorf("network %s: %w", name, types.ErrNoSuchNetwork))
-				continue
+			cniConfList, newRt, err := getCachedNetworkConfig(n.cniConf, name, rt)
+			if err == nil {
+				rt = newRt
+			} else {
+				logrus.Warnf("Failed to load cached network config: %v, falling back to loading network %s from disk", err, name)
+				network := n.networks[name]
+				if network == nil {
+					multiErr = multierror.Append(multiErr, fmt.Errorf("network %s: %w", name, types.ErrNoSuchNetwork))
+					continue
+				}
+				cniConfList = network.cniNet
 			}
-			cniConfList = network.cniNet
-		}

-		err = n.cniConf.DelNetworkList(context.Background(), cniConfList, rt)
-		if err != nil {
-			multiErr = multierror.Append(multiErr, err)
+			err = n.cniConf.DelNetworkList(context.Background(), cniConfList, rt)
+			if err != nil {
+				multiErr = multierror.Append(multiErr, err)
+			}
 		}
+		return nil
 	}
+
+	if n.rootlessNetns != nil {
+		err = n.rootlessNetns.Teardown(len(options.Networks), teardown)
+	} else {
+		err = teardown()
+	}
+	multiErr = multierror.Append(multiErr, err)
+
 	return multiErr.ErrorOrNil()
 }

@@ -267,3 +288,10 @@ func getCachedNetworkConfig(cniConf *libcni.CNIConfig, name string, rt *libcni.R
 	}
 	return cniConfList, rt, nil
 }
+
+func (n *cniNetwork) RunInRootlessNetns(toRun func() error) error {
+	if n.rootlessNetns == nil {
+		return types.ErrNotRootlessNetns
+	}
+	return n.rootlessNetns.Run(n.lock, toRun)
+}